Protection is included against invasive attacks (based on chip de-packaging), and non-invasive attacks like power and electromagnetic side-channel monitoring.
The aim is to bring “smartcard levels of security to emerging applications such as smart metering, door locks and automotive”, said Arm v-p of IoT Paul Williamson.
From now on, the firm added, all Arm secure intellectual property designed to protect against physical attacks will carry the ‘P’ tag, for physical security.
Arm’s physical anti-tamper protection is branded ‘SecurCore’.
Arm has two existing processors with SecurCore, the Cortex-M3-based SC300 and the Cortex-M0-based SC100.
To a first approximation, the new Cortex-M35P is a Cortex-M33 with SecurCore features.
“The Cortex-M35P has a similar profile to the Cortex-M33 with the addition of a built-in instruction cache and the physical security features,” a spokeswoman for Arm told Electronics Weekly. “There have been incremental innovations and improvements to the SecurCore line over time – for example the SC000 incorporated better and more anti-tamper features than the SC300, since it is a more recent product. Similarly, the Cortex-M35P has better and more features than the SC000. While not significantly different, these incremental improvements mean that the Cortex-M35P allows partners to seek higher levels of certification than its predecessors, and provides greater choice in terms of what they implement to meet a specific security certification level.”
One example of these improvements is parity. “One can make the feature better than before by applying it to more signals and more components, and of course by adding more parity bits,” according to Arm. The same applies to all anti-tamper features. “These improvements enable deeper protection and more flexible configuration.”
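The point Arm makes about parity, that covering more signals with more check bits catches more faults, can be illustrated in software. The following C model is an added example written for this article, not Arm's circuitry or code: it protects a 32-bit register value first with a single parity bit over the whole word and then with one parity bit per byte, injects every possible one-bit and two-bit fault into the stored data, and counts how many each scheme detects. The register value and the fault model (flips hit the data bits, not the check bits) are constructed assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Even parity of a 32-bit word: 1 if an odd number of bits are set. */
static uint8_t parity32(uint32_t w)
{
    w ^= w >> 16; w ^= w >> 8; w ^= w >> 4; w ^= w >> 2; w ^= w >> 1;
    return (uint8_t)(w & 1u);
}

/* One parity bit per byte: bit i of the result covers data byte i.
 * This models the "more parity bits" configuration from the article
 * (constructed example, not Arm's implementation). */
static uint8_t byte_parity_mask(uint32_t w)
{
    uint8_t m = 0;
    for (int i = 0; i < 4; i++)
        m |= (uint8_t)(parity32((w >> (8 * i)) & 0xFFu) << i);
    return m;
}

/* A stored word plus its check bits; per_byte selects 1 or 4 parity bits. */
typedef struct {
    uint32_t data;
    uint8_t  check;     /* 1 bit (whole word) or 4 bits (one per byte) */
    bool     per_byte;
} protected_word_t;

protected_word_t protect(uint32_t data, bool per_byte)
{
    protected_word_t w = { .data = data,
                           .check = per_byte ? byte_parity_mask(data) : parity32(data),
                           .per_byte = per_byte };
    return w;
}

/* Recompute the check bits and compare; false means a fault was detected. */
bool integrity_ok(const protected_word_t *w)
{
    uint8_t expect = w->per_byte ? byte_parity_mask(w->data) : parity32(w->data);
    return expect == w->check;
}

/* Does the scheme catch a fault that flips exactly the bits in mask
 * of the stored data? (Check bits are assumed untouched by the fault.) */
bool fault_detected(uint32_t data, uint32_t mask, bool per_byte)
{
    protected_word_t w = protect(data, per_byte);
    w.data ^= mask;                       /* inject the bit flips */
    return !integrity_ok(&w);
}

/* Count how many of the 32 possible single-bit faults a scheme detects. */
int detected_single_faults(uint32_t data, bool per_byte)
{
    int n = 0;
    for (int i = 0; i < 32; i++)
        n += fault_detected(data, 1u << i, per_byte);
    return n;
}

/* Count how many of the C(32,2) = 496 possible double-bit faults a scheme detects. */
int detected_double_faults(uint32_t data, bool per_byte)
{
    int n = 0;
    for (int i = 0; i < 32; i++)
        for (int j = i + 1; j < 32; j++)
            n += fault_detected(data, (1u << i) | (1u << j), per_byte);
    return n;
}

int main(void)
{
    const uint32_t sample = 0xA5C3F00Du;   /* constructed register value */
    printf("1 parity bit : single faults %2d/32, double faults %3d/496\n",
           detected_single_faults(sample, false), detected_double_faults(sample, false));
    printf("4 parity bits: single faults %2d/32, double faults %3d/496\n",
           detected_single_faults(sample, true), detected_double_faults(sample, true));
    return 0;
}
```

Both schemes catch every single-bit flip, but a single word-level parity bit is blind to all 496 double flips, whereas per-byte parity still catches the 384 double flips that land in two different bytes. The remaining 112 (two flips inside one byte) escape both, which is exactly why finer-grained coverage, or additional bits per signal, raises the bar against glitch-style faults rather than eliminating them.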
In summary, the M35P provides additional security through the following features:
- TrustZone technology for software isolation
- Dual 16-region memory protection units
- Security attribution unit
- External security bus interface (IDAU)
- Dual AHB5 bus interfaces that extend TrustZone Secure/Non-secure access across the whole chip
Arm’s TrustZone is hardware-enforced software separation for secure hypervisors to work with.
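The security attribution unit and IDAU listed above are what decide, for every address, whether it belongs to the Secure or Non-secure world. The following C model is an added example written for this article, not Arm's hardware description or any vendor's code: it models an SAU as a small table of Non-secure or Non-secure-callable regions (unmatched or multiply-matched addresses default to Secure), an IDAU as a fixed chip-level map, and the combination rule that the more secure of the two answers wins. The region table and the IDAU convention (address bit 28 selects the Secure alias) are constructed assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Security attribute; a larger value is more secure, which is the order
 * used when combining the SAU and IDAU results. */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } sec_attr_t;

/* One SAU region: inclusive [base, limit], marked Non-secure or
 * Non-secure-callable; addresses outside all regions are Secure. */
typedef struct {
    uint32_t base, limit;
    bool nsc;        /* true: Non-secure-callable (entry veneers) */
    bool enabled;
} sau_region_t;

/* SAU lookup. No match -> Secure; more than one match -> Secure, the
 * conservative outcome for overlapping regions in this model. */
sec_attr_t sau_lookup(const sau_region_t *r, int n, uint32_t addr)
{
    int hits = 0;
    sec_attr_t attr = ATTR_S;
    for (int i = 0; i < n; i++) {
        if (!r[i].enabled || addr < r[i].base || addr > r[i].limit)
            continue;
        hits++;
        attr = r[i].nsc ? ATTR_NSC : ATTR_NS;
    }
    return hits == 1 ? attr : ATTR_S;
}

/* IDAU: the fixed, chip-defined map that software cannot change.
 * Constructed convention for this model: bit 28 set = Secure alias. */
sec_attr_t idau_lookup(uint32_t addr)
{
    return (addr & 0x10000000u) ? ATTR_S : ATTR_NS;
}

/* Combined attribution: the more secure answer wins, so a programmed
 * SAU region can never downgrade an address the IDAU pins as Secure. */
sec_attr_t attribute(const sau_region_t *r, int n, uint32_t addr)
{
    sec_attr_t a = sau_lookup(r, n, addr), b = idau_lookup(addr);
    return a > b ? a : b;
}

/* Constructed example map: Non-secure code, a Non-secure-callable
 * veneer page, and Non-secure data; everything else stays Secure. */
static const sau_region_t demo_sau[] = {
    { 0x00200000u, 0x003FFFFFu, false, true },   /* Non-secure code   */
    { 0x001FF000u, 0x001FFFFFu, true,  true },   /* NSC entry veneers */
    { 0x20200000u, 0x203FFFFFu, false, true },   /* Non-secure data   */
};
#define DEMO_SAU_N ((int)(sizeof demo_sau / sizeof demo_sau[0]))

sec_attr_t demo_attribute(uint32_t addr)
{
    return attribute(demo_sau, DEMO_SAU_N, addr);
}

static const char *attr_name(sec_attr_t a)
{
    return a == ATTR_S ? "Secure" : a == ATTR_NSC ? "Non-secure-callable" : "Non-secure";
}

int main(void)
{
    const uint32_t probes[] = { 0x00300000u, 0x10300000u, 0x001FF100u,
                                0x00100000u, 0x20300000u };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("0x%08X -> %s\n", (unsigned)probes[i], attr_name(demo_attribute(probes[i])));
    return 0;
}
```

The probe at 0x10300000 shows the combination rule at work: the SAU has no region there, and even if it had a Non-secure one the IDAU's Secure alias would still win. Only the veneer page comes out Non-secure-callable, which is the sole kind of memory Non-secure code may use as a way into the Secure world.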
If functional safety is a requirement, the Cortex-M35P can also include a safety package to support ISO 26262 certification.
Why is hacking a single device important?
“For example,” said Williamson, “if one smart streetlight or building smart light is hacked, an entire city’s smart lighting grid or company’s enterprise is potentially vulnerable. The impact of such an attack is immeasurable. This places greater importance on the need for system-level design principles, as physical security is one of many critical aspects that need to be considered along with technology to securely protect communications between the IoT device and the cloud, and capabilities for patching over-the-air.”